Flood of stolen identities forces hackers to reduce their prices

by Neal O'Farrell on December 3rd, 2013

Have you any idea how much your identity is worth on the black market? And before you answer, remember that there’s a difference between wholesale and retail. Wholesale is the price hackers charge other crooks for stolen information, like credit card numbers, Social Security numbers, and bank account information. Retail is the value those crooks place the amount of money they can make from the stolen identities they buy.

A couple of weeks ago, Dell Secureworks put together a very compelling summary of exactly how much personal information goes for in the hacker world. Researchers at the company took a peek inside more than a dozen of the more active and professional underground hacker forums, a kind of data bazaar, where hackers buy and sell people just like you.

And it seems like there is so much stolen information in circulation and for sale, it’s driving the prices down. Way down. Which could mean that hackers have to steal and sell even more information just to make a living.

Here’s just a sampling of what Secureworks found:

A U.S. Visa, MasterCard, American Express, and Discover card will run between $4 and $8.

Data from the mag stripes on those cards fetches around $12. That stripe can include cardholder information, expiration data, and valuable security information.

Want to infect computers with data-stealing malware? That will cost you around $20 for 1,000 computers and $250 to infect 15,000 computers.

Need someone to develop a Trojan to plant on those infected computers? That can cost as little as $50.

Looking to hack into someone else’s website or steal their data? Hire a hacker to do the job for as little as $100.

And if you want a bank account that has anywhere between $75,000 and $150,000 on deposit, you can have all bank account details, including routing number and password, for less than $300.

According to Secureworks “Once scammers buy the malware-infected computers, they can do anything they want with the machines. They can harvest them for financial credentials, infect them with ransomware so as to extort money from their owners, or use them to form a spam botnet to send out malicious spam on behalf of other scammers.” Some spammers have made up to $2 million a year.

I’m currently working with a notorious identity thief who maintains that getting personal information is the easiest part, and that there’s so much stolen information in circulation identity thieves can pick and choose which identities to plunder.

I’ve been saying for years. Worry less about whether your information is out there, in the hands of crooks. It probably is, and only a matter of time before you’re the next one in line. Focus more on locking down your little corner of cyberspace. That’s a fight you have a better chance of winning.